Sovereign air-gapped architecture, zero egress
Sovereign architecture is the control that makes every other control possible: Mickai runs entirely on hardware you own, with no network required for inference, identity, governance or audit. Because the components physically cannot reach a vendor cloud, the data cannot leave the building, so the exfiltration threat is neutralised by construction rather than by a policy a vendor could revise. This is sovereign by architecture, not by policy: removing the network does not change how Mickai behaves.
The single largest risk in enterprise AI is that regulated data leaves the perimeter the moment it is sent to a shared cloud model for inference, because that transfer is an egress event a regulator can question and an attacker can intercept. An AI that can be denied service by withdrawing connectivity, or that quietly phones home for telemetry, model updates or embedding sync, is not sovereign and cannot hold personal data, cardholder data or trade secrets safely. Conventional cloud AI rents the model, the inference, the identity and the memory from a vendor, so the owner never controls the system after deployment and cannot prove what it did when a regulator asks. Mickai inverts every one of those defaults: the sovereign brains run on the owner's own silicon, air-gap operation is the default rather than a degraded mode, and the only outbound packets are those the operator explicitly commissions and signs. Because the data never crosses the boundary, GDPR cross-border transfer exposure, the third-party processor chain and the hyperscaler concentration risk that DORA and the FCA operational-resilience rules treat as a controllable dependency are all removed at the level of the architecture.
This domain has 5 controls, each enforced by construction on hardware you own and mapped to the subsystem that provides it.
Zero Data Egress By Construction
Mickai processes every request on the sovereign brains inside your own network, with no call to an external model, translation, embedding or analytics service. Because there is no code path that sends regulated data off the hardware, the exfiltration threat is closed by construction rather than mitigated by a setting. This removes the GDPR cross-border transfer and third-party processor exposure that a shared cloud model creates, and it holds even against an operator error, because there is no cloud endpoint to leak to. Every action is instead sealed to the Open Audit Record on hardware you own.
Air-Gap Survivability
Air-gap operation is the default posture of the Mickai SIOS, not a fallback mode: chat, voice, retrieval, governance, audit and signed action execution all function with no network present. This proves the system is genuinely sovereign, because an AI that can be switched off by cutting its connectivity is a rented dependency rather than an owned asset. For defence, critical national infrastructure and classified environments, air-gap survivability is the baseline requirement, and Mickai meets it as tested behaviour. There is no cloud to fall back to, so there is no vendor-controlled path in the stack.
No Telemetry Or Phone-Home
Mickai emits no telemetry, no usage analytics, no silent crash reporting and no model-update channel that reaches a vendor without consent. Every outbound network call is initiated by an action the operator explicitly commissioned and signed, so there is no covert side channel through which activity data could leave. This closes the common leakage route where a nominally on-premise product still reports back to its maker, and it means an air-gapped deployment behaves identically to a connected one. The absence of a phone-home path is verifiable because there is no code that opens an unsolicited connection.
Operator-Commissioned Egress Only
Where an outbound action is genuinely required, such as sending an email a user has authored, it is treated as a first-class action that the operator commissions and signs, and it is classified and recorded before it leaves. Trust Agent, the foundational routing primitive, inspects and classifies every request by sensitivity tier and enforces a per-tenant egress firewall so nothing reaches an external destination without passing that gate. This converts egress from an ambient risk into a deliberate, audited, exception-only event. The design is anchored in the filed Trust Agent patent, the first application in the portfolio.
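One way a defender could test the claim that every outbound connection maps to a signed commission recorded before it left, as an added example that is not Mickai's own code. The ledger layout, the field names and the HMAC-SHA256 signing scheme are assumptions made for illustration, and all sample data is constructed.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real operator key would sit in hardware.
OPERATOR_KEY = b"constructed-demo-key"

def sign(commission: dict) -> str:
    """HMAC-SHA256 over canonical JSON; a stand-in for the real signature scheme."""
    body = json.dumps(commission, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(OPERATOR_KEY, body, hashlib.sha256).hexdigest()

def is_valid(entry: dict) -> bool:
    """Constant-time check that a ledger entry's signature matches its content."""
    return hmac.compare_digest(sign(entry["commission"]), entry["sig"])

def unexplained_flows(flows: list, ledger: list) -> list:
    """Return outbound flows that no validly signed commission covers.

    A flow is covered only if tenant, destination and port match and the
    commission was recorded at or before the flow's timestamp.
    """
    approved = [e["commission"] for e in ledger if is_valid(e)]
    return [
        f for f in flows
        if not any(
            c["tenant"] == f["tenant"] and c["dst"] == f["dst"]
            and c["port"] == f["port"] and c["recorded_at"] <= f["ts"]
            for c in approved
        )
    ]

def _entry(tenant, dst, port, recorded_at, sig=None):
    c = {"tenant": tenant, "dst": dst, "port": port, "recorded_at": recorded_at}
    return {"commission": c, "sig": sig or sign(c)}

# Constructed ledger: one genuine commission, one with a forged signature.
LEDGER = [
    _entry("tenant-a", "192.0.2.25", 587, 100),
    _entry("tenant-b", "203.0.113.9", 443, 100, sig="0" * 64),
]
# Constructed flow records, as a boundary firewall or network tap might log them.
FLOWS = [
    {"ts": 105, "tenant": "tenant-a", "dst": "192.0.2.25", "port": 587},    # covered
    {"ts": 110, "tenant": "tenant-a", "dst": "198.51.100.7", "port": 443},  # no commission
    {"ts": 120, "tenant": "tenant-b", "dst": "203.0.113.9", "port": 443},   # forged signature
    {"ts": 90, "tenant": "tenant-a", "dst": "192.0.2.25", "port": 587},     # left before recording
]
```

Running `unexplained_flows(FLOWS, LEDGER)` over flow logs captured independently of the product, for example at the boundary firewall, should return an empty list if egress really is exception-only.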
Hardware Owned, Not Rented
Mickai runs on hardware the organisation owns, with the model weights, the signing keys and the local audit ledger all held on that hardware rather than leased from a vendor. Ownership is binary: there is no leased component that a third party could withdraw, meter or subpoena, because the vendor never holds the data or the identity. This removes the operational leverage a cloud provider otherwise has over how, when and whether the system runs, and it converts a metered subscription into a capital asset. The regulated boundary is therefore enforced by property, not only by contract.
The advantages hold across every control domain, and they are architectural, not promotional. The third-party cloud-exposure vector is removed; your own physical, insider and compliance controls remain yours.
The data never leaves your hardware, so no third party and no cloud-provider employee ever sees it. What happens in the server room stays in the server room.
You own the compute and the capability, so the system runs independent of the internet and of any cloud vendor's pricing, terms, or availability.
The data never crosses a geographical or digital border because it never leaves the building, which removes the cross-border-transfer and third-party-processing friction of UK GDPR, Schrems II, and the sector rules. You keep your own obligations.
Fine-tune and run retrieval on your deepest archives to build a hyper-customised co-pilot, with no risk of your proprietary edge training a public model or leaking.
After the hardware and licence, queries cost essentially electricity. A capital asset you own and depreciate, instead of volatile per-token cloud bills.
There is no third-party cloud path, so no competitor and no vendor insider can scrape, intercept, or subpoena your prompts or your fine-tuned weights from the internet. The trust vault is closed by architecture.
You own the software snapshot on your own hardware, so a change to a cloud vendor's terms, a model deprecation, or an outage cannot reach you. The system stays predictable and auditable on-premise as the rules evolve.
What does zero data egress actually mean in Mickai?
It means that no regulated data ever leaves the hardware you own, because there is no code path that sends inference requests, identity checks, embeddings or audit records to an external service. The sovereign brains run inside your own network, so the exfiltration threat is closed by construction rather than by a configurable setting. The only packets that leave are those an operator explicitly commissions and signs, and each of those is classified and recorded first. This removes the GDPR cross-border transfer and third-party processor exposure that a shared cloud model creates.
Can Mickai really run fully air-gapped?
Yes. Air-gap operation is the default posture, not a degraded mode. Chat, voice, retrieval, governance, audit and signed action execution all function with no network present at all, which is the test of genuine sovereignty. An AI that can be denied service by withdrawing connectivity is a rented dependency, whereas Mickai holds regulated data on hardware you own and keeps working when the network is gone. Air-gap behaviour is tested rather than claimed.
Does Mickai phone home or send telemetry?
No. There is no telemetry, no usage analytics, no silent error reporting and no model-update channel that calls a vendor without consent. Every outbound network call is initiated by an action the operator explicitly commissioned and signed, so an air-gapped deployment behaves identically to a connected one. The absence of a phone-home path is verifiable, because there is no code that opens an unsolicited connection off the hardware.
What is meant by sovereign by architecture, not by policy?
A policy can be revised, ignored or overridden by a vendor, whereas an architecture cannot. Mickai is sovereign because its components physically cannot reach a vendor cloud, not because a policy states that they should not. Removing the network does not change how Mickai behaves, which is the difference between a genuine control and a promise. The regulated boundary is enforced by property and by the code, not only by a data-processing agreement.
How does an air-gapped architecture help with DORA and hyperscaler concentration risk?
For regulated financial firms, the DORA and FCA operational-resilience rules treat a critical cloud dependency as a concentration risk that must be controlled and, in many cases, exited. Because Mickai is an asset you own and run on your own hardware, there is no critical third-party cloud dependency to control or exit, which addresses that concentration risk directly. There is also no vendor that could be compelled to disclose your activity, because the vendor never held it.
Is Mickai a competitor to the public cloud?
No. The public cloud remains genuinely valuable for non-regulated work, and Mickai is not an attack on any provider. Mickai is the answer specifically for the regulated-data boundary, where personal data, cardholder data, contract text and trade secrets cannot lawfully or safely sit in a shared, multi-tenant environment. The distinction is architectural: the cloud is the right tool for open workloads, and a sovereign on-premise system is the right tool for the regulated ones.